curriculum vitaeconnect.mandela.ac.za/.../rossouw/cv_rossouw.pdf · curriculum vitae 1....
TRANSCRIPT
CURRICULUM VITAE
1. Biographical Sketch Name: Rossouw von Solms Address: Faculty of Engineering, the Built Environment and Information
Technology PO Box 77000 Nelson Mandela Metropolitan University Port Elizabeth 6031 SOUTH AFRICA Telephone: +27 (0)41 5043604 Fax: +27 (0)41 5049604 Email: [email protected] Date of Birth: 25 January 1956 Qualifications: B.Sc (UPE) 1976, H.D.E. (UPE) 1977, NH Dip: EDP (PE Tech) 1984, B.Sc.(Hons) (UNISA) 1988, M.Sc. (RAU) 1989, Ph.D. (RAU) 1994.
Certifications: ISACA - CISM (no. 1013929) Membership of Professional Bodies:
Professional Member of the Computer Society of South Africa (PMSSA)
Member of the Information Systems Audit and Control Association (ISACA) South African Institute for Computer Scientists and Information Technologists (SAICSIT)
Current Affiliation:
I am employed at the Nelson Mandela Metropolitan University, previously Port Elizabeth Technikon, since April 1982. I was appointed as a lecturer in 1982 and was promoted to senior lecturer in 1986. From 1989 to 2005 I was Head of Department of Information Technology. I was promoted to Professor in 1996. Since 2006 I am the Director of the Institute for ICT Advancement (IICTA) at the NMMU.
I am currently serving on the following committees:
IFIP Technical Committee 11 Executive Committee (Vice-Chair)
South African Institute for Computer Scientists and Information Technologists (SAICSIT) – President 2006 to 2010, currently Immediate Past-president.
I was chairman of the following:
The Technikon Computer Lecturers Association (TECLA) - 1993/4, 1994/5, 1997/8, 1999/00 and 2000/01.
The Lecturing Staff Association of P.E. Technikon (LSA) - 1993 & 1994
IFIP Working Group 11.1 – Chairman 1995 to 2001
IFIP TC 11 Working Group Coordinator – 2001 till 2007
2. Publications and Research Outputs a) The following papers have been published in accredited journals: i. "Computer Security Management: A Framework for Effective Management
Control"; R von Solms, S H von Solms & W J Caelli; Information Age, vol 12, no 4, 1990.
ii. "A Model for Information Security Management"; R von Solms, S H von Solms
& W J Caelli; Information Management and Computer Security, vol 1, no 3,
1993. iii. "A Framework for Information Security Evaluation"; R von Solms, H van de
Haar, S H von Solms & W J Caelli; Information & Management, vol 26, no 3, 1994.
iv. “A Business Approach to effective Information Technology Risk Analysis and
Management”; S Halliday, R von Solms & K Badenhorst; Information Management & Computer Security; vol 4, no 1, 1996. (Promoter of student)
v. “Information Security Management: The Second Generation?”; R von Solms;
Computers & Security, August, 1996. vi. “Driving safely on the Information Security Superhighway”; R von Solms;
Information Management & Computer Security; vol 5, no 1, 1997. vii. “A Methodology for the effective evaluation of Information Security according
to BS 7799"; L Barnard and R von Solms; Information Management & Computer Security, vol 6, no 2, 1998. (Promoter of student).
viii. “Information Security Awareness: Educating your users effectively”; M
Thomson and R von Solms; Information Management & Computer Security, vol 6, no 4, 1998. (Promoter of student)
ix. “Information Security Management (1): Why Information Security is so
Important”; R von Solms; Part 1 of a three part series; Information Management & Computer Security, vol 6, no 4, 1998.
x. “Information Security Management (2): Guidelines for the Management of
Information Security (GMITS)”; R von Solms; Part 2 of a three part series; Information Management & Computer Security, vol 6, no 5, 1998.
xi. “Information Security Management (3): A Code of Practice for the
Management of Information Security (BS7799)”; R von Solms; Part 3 of a three part series; Information Management & Computer Security, vol 6, no 6, 1998.
xii. “Information Security Management: Why standards are important”; R von
Solms; Information Management & Computer Security; vol 7, no 1, 1999. xiii. “A Formalized approach to the Effective Selection and Evaluation of
Information Security Controls”; L Barnard and R von Solms; Computers & Security; vol 8, no 3, 2000. (Promoter of student)
xiv. “Formalizing Security Requirements”; M Gerber, R von Solms and P
Overbeek; Information Management and Computer Security; vol 9, no 1, 2001. (Promoter of student)
xv. “A Phased approach to Certification”; SH von Solms and R von Solms;
Computers & Security; vol 20, no 4, 2001.
xvi. “Using Trend Analysis for effective Information Security Management: The
Concept (Part 1)”; R von Solms and M Botha; Information Management and Computer Security, vol 9, no 5, 2001. (Promoter of student).
xvii. “From Risk Analysis to Security Requirements”; M Gerber and R von Solms;
Computers & Security, vol 20, no 6, 2001. (Promoter of Student). xviii. “Using Trend Analysis for effective Information Security Management: The
Model (Part 2)”; R von Solms and M Botha; Information Management and Computer Security , vol 10, no 1, 2002. (Promoter of student).
xix. “The Information Security Management Toolbox – Taking the Pain out of
Security Management”; C Vermeulen and R von Solms; Information Management and Computer Security , vol 10, no 3, 2002. (Promoter of student).
xx. “The utilization of Artificial Intelligence in a Hybrid Intrusion Detection System”, M Botha, R von Solms, K Perry, E Loubser, G Yamoyany, The ACM Digital Library, SAICSIT2002, 2002. (Promoter of student)*
xxi. “Deriving Information Security Control Profiles for an Organization” H van de Haar and R von Solms; Computers & Security, Vol 22, No 3, 2003. (Promoter of student).
xxii. “Utilising Fuzzy Logic and Trend Analysis for Effective Intrusion Detection”; M
Botha and R von Solms; Computers & Security, Vol 22, No 5, 2003. (Promoter of student).
xxiii. “Towards Information Security Behavioural Compliance”, C Vroom & R von
Solms. Computers & Security. Vol 23, No 3, 2004. (Promoter of student). xxiv. “From Policies to Culture”, R von Solms & B von Solms. Computers &
Security. Vol 23, No 4, 2004. xxv. “The 10 deadly sins of Information Security”, R von Solms & B von Solms.
Computers & Security. Vol 23, No 5, 2004. xxvi. “A Cyclic Approach to Business Continuity Planning”; J Botha & R von Solms;
Information Management & Computer Security. Information Management and Computer Security , Vol 12, no 4, 2004. (Promoter of student).
xxvii. “A Framework for the Governance of Information Security”, S Posthumus & R von Solms, Computers & Security. Vol 23, no 8, 2004. (Promoter of student).
xxviii. “Management of Risk in the Information Age”, M Gerber & R von Solms,
Computers & Security. Vol 24, no 1, 2005. (Promoter of student).
xxix. “Information Security Obedience”, K-L Thomson & R von Solms, Computers & Security. Vol 24, no 2, 2005. (Promoter of student).
xxx. “IT oversight: an important function of corporate governance”, S Posthumus &
R von Solms, Computer Fraud & Security. Vol 2005, June 2005, Issue 6, Pages 11-17. (Promoter of student).
xxxi. “Continuous auditing: verifying information integrity and providing assurances
for financial reports”, S Flowerday & R von Solms, Computer Fraud & Security. Volume 2005, July 2005, Issue 7, Pages 12-16. (Promoter of student).
xxxii. “From information security to…business security?”, B von Solms and R von
Solms, Computers & Security, Vol 24, no 4. 2005. xxxiii. “Real-time information integrity = System integrity + Data Integrity +
Continuous assurances”, S Flowerday & R von Solms, Computers & Security, Vol 24, no 8, 2005. (Promoter of student).
xxxiv. “Towards an Information Security Competence Maturity Model”; K-L Thomson
& R von Solms; Computer Fraud & Security, Volume 2006, Issue 5, 2006. (Promoter of student).
xxxv. “Continuous Auditing Models and Technologies: A discussion”; S Flowerday,
A Blundell & R von Solms; Computers & Security, Vol 25, no 5, pages 317 - 324, 2006. (Promoter of students).
xxxvi. “Information Security Governance: A Model based on the Direct-Control
Cycle”; R von Solms & B von Solms; Computers & Security, Vol 25, Issue 6, pages 408 – 412, 2006.
xxxvii. “Information Integrity Assurance for Networks: Let’s learn from the financial
model”; C Olivier, R von Solms & L Cowley; Computer Fraud & Security, Volume 2006, Issue 8, pages 7 – 14, 2006.
xxxviii. “Information Security Governance: Due Care”; R von Solms & B von Solms;
Computers & Security, Volume 25, Issue 7, pages 494 – 497, 2006. xxxix. “Cultivating an Organizational Information Security Culture”; K-L Thomson, R
von Solms & L Louw; Computer Fraud & Security, Volume 2006, Issue 10, pages 7 – 11, 2006.
xl. “Towards Enterprise Information Risk Management”; N Lategan & R von
Solms; Computer Fraud & Security, Volume 2006, Issue 12, pages 15-19, 2006. (Promoter of student)
xli. “What Constitutes Information Integrity?”; S Flowerday & R von Solms; South African Journal for Information Management, Volume 9, Issue 4, 2007. (Promoter of student)
xlii. “Information Security Requirements – Interpreting the Legal Aspects”; M Gerber & R von Solms; Computers & Security, Volume 27, Issue 5-6, pages
124 – 135, 2008.
xliii. "Information Security Culture: A Management Perspective", J van Niekerk & R von Solms, Computers & Security, Volume 29, Issue 4, pages 476 – 486, 2010.
xliv. “The Board and IT Governance: The What, Who and How”, S Posthumus, R von Solms & M King, South African Journal for Business Management (SAJBM), Vol 41, Issue 3, pages 23 – 32, Sept 2010.
xlv. “Information Security Education in South Africa”, L Futcher, C Schroder & R von Solms, Information Management & Computer Security (IM&CS), Vol 18, Issue 5, Oct 2010.
xlvi. “Municipalities and IT Governance – Towards a strategic planning framework”, E Kaselowski, R von Solms & B von Solms, Journal of Public Administration (JOPA), Vol 45, No 2, pages 333 – 342, Jun 2010.
xlvii. “The Board and IT Governance: Towards practical implementation guidelines”, S Posthumus & R von Solms, Journal of Contemporary Management (JCM), Vol 7, pages 574 – 596, Nov 2010.
xlviii. “Information Security Service Support - helping end-users cope with security”, R Rastogi & R von Solms, Journal of Computer Technologies and Applications (JCTA), Vol 2, No 2, pages 137 – 148, 2011.
xlix. “Preventative action for enhancing online protection and privacy”, S Furnell, R von Solms & A Phippin, International Journal for Information Technology and Systems Approach (IJITSA), Vol 4, Issue 2, pages 1 – 11, 2011.
l. “Enabling information sharing by establishing trust in supply chains: A case study in the South African automotive industry”, R Piderit, S Flowerday & R von Solms, South African Journal of Information Management (SAJIM). Vol 13, Issue 1, 2011.
li. “How can Secure Software be Trusted”, L Futcher & R von Solms, South African Computer Journal (SACJ), Vol 47, pages 1 – 6, 2011.
lii. “Towards the Human Information Security Firewall”, R von Solms & M Warren, International Journal for Cyber Warfare and Terrorism (IJCWT). Vol 1, Issue 2, pages 10 – 17. 2011.
Papers submitted, being reviewed or accepted for publication
i. “A Service-oriented Approach to Information Security Management”, R
Rastogi & R von Solms, Journal of Information Systems Security, Submitted on 18 November 2009. Accepted for publication.
ii. “Senior citizens and Internet-based services”, R von Solms & E de Lange, African Journal of Information and Communication, Submitted on 24 January 2011.
iii. “Information Security Service Culture – information security for end-users”, R Rastogi & R von Solms, Journal of Universal Computer Science, Submitted on 21 August 2011. Accepted for publication on 21 March 2012.
iv. “Phishing for Phishing Awareness", K Jansson & R von Solms, Behaviour and
Information Technology. Accepted on 13 October for publication.
v. “Cloud Computing Service Value: A message to the Board”, M Viljoen & R von Solms, South African Journal for Business Management. Accepted for publication.
vi. “A Framework for a Personal Information Security Agent”, E Stieger & R von Solms, The International Journal of INFORMATION. Accepted for publication on 15 December 2011.
vii. “A Theory Based Approach to Information Security Culture Change”, J van Niekerk & R von Solms, The International Journal of INFORMATION. Accepted for publication on 15 December 2011.
viii. “Information Security Service Management”, R Rastogi & R von Solms,
Journal for Contemporary Management. Submitted 25 March 2012.
b) The following peer-reviewed papers have been presented at international conferences: i. "A Process approach to Information Security Management"; R von Solms, SH
von Solms & J M Carroll, IFIP/Sec 93, Toronto, Canada, May 1993.
ii. "A Tool for Information Security Management"; R von Solms & H van de Haar, CRAMM User Group Technical Conference, Coventry, United Kingdom, June 1993.
iii. "Risk Management and Disaster Recovery: A Management Overview"; R von
Solms, LESTA '91, International Conference on Information Technology, Maseru, Lesotho, April 1991.
iv. "Information Security Management: The ISO 9000 Route"; L Meyer & R von
Solms, IFIP/Sec '95, Cape Town, South Africa, May 1995. (Promoter of student)
v. "Information Security Management in Open Distributed Systems"; M Calitz, R
von Solms & S H von Solms, IFIP/Sec '95, Cape Town, South Africa, May 1995.
vi. “Information Technology Education: A New Experience in a New South
Africa”; E F du Preez & R von Solms, IFIP TC 3 & TC9, Jerusalem, Israel, March 1996.
vii. “Can Security Baselines replace Risk Analysis?”; R von Solms, IFIP/Sec '97,
Copenhagen, Denmark, May 1997. viii. “An Effective Information Security Awareness programme for Industry”; R von
Solms & M E Thomson, IFIP WG 11.1 Workshop, Copenhagen, Denmark, May 1997.
ix “A Formalized approach to the Evaluation of Information Security”; L Barnard
and R von Solms, IFIP WG 11.1 Workshop, Vienna, Austria, September 1998. (Promoter of student)
x. “The Information Security Toolbox”; R von Solms, IRMA International
Conference, Hershey, PA, USA, May 1999. xi. “The Effective Utilization of Audit Logs in Information Security Management”;
W Olivier and R von Solms, IFIP WG 11.1 & 11.2 Conference, Amsterdam, The Netherlands, September 1999. (Promoter of student)
xii. “From Trusted Information Security Controls to a Trusted Information Security
Environment”; R von Solms & H van de Haar; World Computer Congress, Beijing, China, September 2000. (Promoter of student)
xiii. “Computer Security: Hacking Tendencies, Criteria and Solutions”; M Botha &
R von Solms; World Computer Congress, Beijing, China, September 2000. (Promoter of student)
xiv. “Introducing ISO/IEC 17799 using a Phased Approach”; J van Niekerk & R
von Solms, BITWORLD, Cairo, Egypt, May 2001. (Promoter of student) xv. “Security Requirements for an Information Society”; M Gerber & R von Solms,
BITWORLD, Cairo, Egypt, May 2001. (Promoter of student) xvi. “The Effective Implementation of Information Security in Organisations”; O
Hoppe, J van Niekerk & R von Solms, IFIP/Sec 2002, Cairo, Egypt, May 2002. (Promoter of student)
xvii. “A Practical Approach to Information Security Awareness in the Organisation”;
C Vroom & R von Solms, IFIP/Sec 2002, Cairo, Egypt, May 2002. (Promoter of student)
xviii. “Information Security: Auditing the behaviour of the employee”, C Vroom & R
von Solms, IFIP Working Group 11.1 Workshop, Athens, Greece, May 2003. (Promoter of student)
xix. “Integrating Information Security into Corporate Governance”, K-L Thomson &
R von Solms, IFIP/Sec 2003, Athens, Greece, May 2003. (Promoter of student)
xx. “NeGPAIM: A Hybrid Model that will perform ID by uitlizing artificial
intelligence”, M Botha & R von Solms, ECIW, University of Reading, UK, July 2003. (Promoter of student)
xxi. “Information Security Governance: A Challenge for Senior Management”, R
von Solms, IRMA 2004, New Orleans, May 2004. xxii. “Corporate Information Security Education: Is outcomes based education the
solution?”, R von Solms & J van Niekerk, IFIP WG 11.1, Toulouse, France, August 2004.
xxiii. “Towards Corporate Information Security Obedience”, R von Solms & K-L
Thomson, IFIP WG 11.1, Toulouse, France, August 2004. xxiv. “A Responsibility Framework for Information Security”, S Posthumus & R von
Solms, IFIP 11.1&11.5 Working Conference, Fairfax, Virginia, USA, December 2005.
xxv. “Information Security Governance: A Re-definition”, R von Solms & R Rastogi,
IFIP 11.1&11.5 Working Conference, Fairfax, Virginia, USA, December 2005. xxvi. “Going Wireless or Not: Does it bother the Board?”, R von Solms & R Mulder,
5th Information Security Conference, Las Vegas, USA, April 2006. xxvii. “Is Trust a Portent in the Extended Enterprise Supply chain?”, S Flowerday &
R von Solms; IFIP/Sec 2006, Karlstadt, Sweden, May 2006. xxviii. “The Roles of E-Learning in Corporate Information Security”; J van Niekerk &
R von Solms, E-Learn2006, Honolulu, Hawaii, USA, October 2006.
xxix. “An Information Security Reporting Architecture for Information Security Visibility”, M Viljoen, R von Solms & M Gerber, HAISA2007, Plymouth, UK, July 2007.
xxx. “Information Security Awareness: Towards a Generic Programme”, H Mauwa & R von Solms, HAISA2007, Plymouth, UK, July 2007.
xxxi. “SECSDM: A Model for Integrating Security into the Software Development Life Cycle”, L Futcher, & R von Solms, WISE 2007, New York, USA, May 2007.
xxxii. “Agency Theory: Can it be used to Strengthen IT Governance”, S Posthumus
& R von Solms, IFIP/Sec 2008, Milan, Italy, September 2008. xxxiii. “Using Knowledge Creation and Agency Theory to Shape an Information
Security Obedient Culture“, K-L Thomson & R von Solms, IFIP WG11.1 Working Conference, Richmond, Virginia, USA, October 2008.
xxxiv. “Recognising and addressing barriers to eSafety and Security Awareness”, S Furnell, R von Solms & A Phippen, IFIP TC 8 Workshop on Information Systems Security Research, Cape Town, South Africa, May 2009.
xxxv. “A Service-oriented Approach to Information Security Management”, R Rastogi & R von Solms, CISTM: 7th International Conference on Information Science Technology and Management (CISTM 2009), Delhi, India, June 2009.
xxxvi. “Using Bloom’s Taxonomy for Information Security Education”, J van Niekerk & R von Solms, 6th World Conference on Information Security Education (WISE 2009), Bento Goncalves, Brazil, July 2009.
xxxvii. “A Risk-Based Approach to Formalise Information Security Requirements for Software Development”, L Futcher & R von Solms, 6th World Conference on Information Security Education (WISE 2009), Bento Goncalves, Brazil, July 2009.
xxxviii. “A Cyber Security Curriculum for Southern African Schools”, M de Lange & R von Solms, Southern African Cyber Security Awareness Workshop, Gaborone, Botswana, May 2011.
xxxix. “A Cyber-Security Portal for Southern Africa”; J van Niekerk & R von Solms, Southern African Cyber Security Awareness Workshop, Gaborone, Botswana, May 2011.
xl. “Cyber awareness initiatives in South Africa”; M Grobler, R von Solms, S Flowerday & H Venter, Southern African Cyber Security Awareness Workshop, Gaborone, Botswana, May 2011.
xli. “A Enterprise Anti-Phishing Framework”; E Frauenstein & R von Solms, 7th World Information Security Education (WISE 7) Conference, Lucerne, Switzerland, June 2011.
xlii. “Criteria for a Personal Information Security Agent”; E Stieger & R von Solms,
10th European Conference on Information Warfare and Security (ECIW), Tallinn, Estonia, July 2011.
xliii. “Information Security Service Branding - Beyond Information Security Awareness”; R Rastogi & R von Solms, Education and Information Systems, Technologies and Applications (EISTA) 2011, Orlando, USA, July 2011.
xliv. “Secure Internet Usage: Educating the Cyber Generation”; R von Solms, Education and Information Systems, Technologies and Applications (EISTA) 2011, Orlando, USA, July 2011.
xlv. “Mobile parental control: South African youth at risk”; J Marais, J van Niekerk
& R von Solms, 6th International Conference on Pervasive Computing and Applications (CPCA), Port Elizabeth, South Africa, October 2011.
xlvi. “Simulating malicious emails to educate end-users on-demand”, K Jansson & R von Solms, 6th International Conference on Pervasive Computing and Applications (CPCA), Port Elizabeth, South Africa, October 2011.
c) The following peer-reviewed papers have been presented at national conferences: i. "Conventional Software Development vs. Lower Case Software
Development"; D Janse van Rensburg & R von Solms, CISNA, Cape Town, May 1994.
ii. "Research in Information Technology at South African Technikons"; R von
Solms, SAICSIT 95, Pretoria, May 1995. iii. "Using Multi-media for social upliftment in deprived communities in Southern
Africa"; R von Solms, Technikon Research Development - The RDP challenge; Pretoria, June 1995.
iv. “Information Security Management: What next?”; R von Solms, SAICSIT 96,
Durban, September 1996. v. “Computer Security - How secure are your Systems and Networks”, R von
Solms, CSSA 8th Annual Conference, Cape Town, October 1996. vi. “A Model for Evaluating Information Security”; L Barnard & R von Solms,
SAICSIT 97, Vanderbijlpark, November 1997. (Promoter of student) vii. “Information Security Awareness, A must for the Future”; M Thomson & R von
Solms, SAICSIT 97, Vanderbijlpark, November 1997. (Promoter of student) viii. “Information Security Management. Why standards are important.”; R von
Solms, CSSA 10th Annual Conference, Durban, South Africa, August 1998. ix “Effective Information Security Monitoring using Data Logs”; W Krige & R von
Solms, SAICSIT 98, Gordons Bay, November 1998. (Promoter of Student) x. “Introducing Information Security: A Comprehensive Approach”; E Munyiri & R
von Solms, SAICSIT 98, Gordons Bay, November 1998. (Promoter of Student)
xi. “From Information Security Baselines to Information Security Profiles”; H van
de Haar & R von Solms, SAICSIT 99, Pretoria, November 1999. (Promoter of Student)
xii. “The Information Security Management Toolbox – A Practical Guide”; R von Solms, M Gerber, J van Niekerk, O Hoppe, C Vroom & K Aenmey, ISSA2001, Magalies Berg, July 2001.
xiii. “Fuzzy Logic in Intrusion Detection”; M Botha & R von Solms, ISSA2001,
Magalies Berg, July 2001. (Promoter of student) xiv. “Computer Security: Hacking Tendencies, Criteria and Solutions”; M Botha, W
Olivier & R von Solms, SAICSIT, Pretoria, September 2001. (promoter of student)
xv. “Corporate Governance: Information security the weakest link?”, Kerry-Lynn
Thomson & R von Solms, ISSA2002, Muldersdrift, 10-12 July 2002. xvi. “A Cyclic approach to Business Continuity Planning”, Jacques Botha & R von
Solms, ISSA2002, Muldersdrift, 10-12 July 2002. (Promoter of student) xvii. “Auditing the Employee in the Work Environment with Regard to Information
Security”, Cheryl Vroom & R von Solms, ISSA2002, Muldersdrift, 10-12 July 2002. (Promoter of student)
xviii. “Information Security Awareness Baseline Education and Certification”, Lindie
du Plessis & R von Solms, ISSA2002, Muldersdrift, 10-12 July 2002. (Promoter of student)
xix. “A Web-Based Portal for Information Security Education”, Johan van Niekerk
& R von Solms, ISSA2002, Muldersdrift, 10-12 July 2002. (Promoter of student)
xx. “Information Security: Auditing the Behaviour of the Employee”, C Vroom & R
von Solms, SAICSIT2002 (Post-graduate Symposium), Port Elizabeth, 16-18 September 2002. (Promoter of student)
xxi. “The utilization of Artificial Intelligence in a Hybrid Intrusion Detection
System”, M Botha, R von Solms, K Perry, E Loubser, G Yamoyany, SAICSIT2002, Port Elizabeth, 16-18 September 2002. (Promoter of student)*
xxii. “Training Misuse Intrusion Detection Systems in a Honeypot Environment”,
Richard Noble & R von Solms, ISSA2003, Johannesburg, 9-11 July 2003. (Promoter of student)
xxiii. “Information Security Auditing: The Missing Link?”, Cheryl Vroom & R von
Solms, ISSA2003, Johannesburg, 9-11 July 2003. (Promoter of student) xxiv. “Creating a Security-Conscious Culture Through Effective Corporate
Governance”, Kerry-Lynne Thomson & R von Solms, ISSA2003, Johannesburg, 9-11 July 2003. (Promoter of student)
xxv. “Establishing an Information Security Culture in Organisations: An Outcomes-
Based Education Approach”, Johan van Niekerk & R von Solms, ISSA2003,
Johannesburg, 9-11 July 2003. (Promoter of student) xxvi. “Using Neural Networks for effective Intrusion Detection”, M Botha & R von
Solms, ISSA 2004, Johannesburg, June 2004. xxvii. “Organizational Learning Models for Information Security Education”, J van
Niekerk & R von Solms, ISSA 2004, Johannesburg, June 2004. (Promoter of student)
xxviii. “Risk Management vs the Management of Risk: does it matter to the Board?”,
S Posthumus & R von Solms, ISSA 2004, Johannesburg, June 2004. (Promoter of student)
xxix. “Corporate Information Security Governance: A Holistic Approach”, L Meurs &
R von Solms, ISSA 2004, Johannesburg, June 2004. (Promoter of student) xxx. “Cultivating Corporate Information Security Obedience”, K-L Thomson & R
von Solms, ISSA 2004, Johannesburg, June 2004. (Promoter of student) xxxi. “The Proliferation of Wireless Devices and its Role in Corporate Governance”,
R Mulder & R von Solms, ISSA 2005, Johannesburg, July 2005. (Promoter of student).
xxxii. “An Investigation of Information Security compliance regulations in the South
African financial sector”, R Maphakela, D Pottas & R von Solms, ISSA 2005, Johannesburg, July 2005. (Co-promoter of student)
xxxiii. “A holistic framework for the fostering of an information security sub-culture in
organizations”, Johan van Niekerk & R von Solms, ISSA 2005, Johannesburg, July 2005. (Promoter of student).
xxxiv. “Understanding Information Security Culture: A Conceptual Framework”;
Johan van Niekerk & Rossouw von Solms; ISSA2006, Johannesburg July 2006.
xxxv. “Utilizing Fuzzy Logic and Neural Networks for Effective, Preventative Intrusion Detection in a Wireless Environment”, R von Solms, R Goss & M Botha, SAICSIT 2007, Fish River Sun, 1-3 October 2007.
xxxvi. “Bloom's Taxonomy for Information Security Education”, J Van Niekerk & R Von Solms, Information Security South Africa (ISSA) 2008, Johannesburg, July 2008.
xxxvii. “Guidelines for Secure Software Development”, L Futcher & R von Solms,
SAICSIT 2008, Wildernis, 5-7 October 2008.
xxxviii. “Phishing: How an Organization can protect itself“, E Frauenstein & R von Solms, Information Security South Africa (ISSA) 2009, Johannesburg, July 2009.
xxxix. “Social Engineering: Towards a Holistic Solution”, K Jansson & R von Solms, South African Information security Multi-Conference (SAISMC), 2010, Port Elizabeth, May 2010.
xl. “The Wild Wide West of Social Networking Sites”, E Frauenstein & R von Solms, South African Information Security Multi-Conference (SAISMC), 2010, Port Elizabeth, May 2010.
xli. “An Integrative Approach to Information Security Education: A South African Perspective”, L Futcher, C Schroder & R von Solms, South African Information Security Multi-Conference (SAISMC), 2010, Port Elizabeth, May 2010.
xlii. “Sweetening the medicine: Educating users about information security by means of game play”, T Monk, J van Niekerk & R von Solms, SAICSIT 2010, Oct 2010.
xliii. “Research in Computer Science, Information Systems and Information Technology – Back to the Basics”, R von Solms & J van Niekerk, South African Computer Lecturers Association (SACLA) 2011, Durban, June 2011.
xliv. “Information Security Governance Control through Comprehensive Policy Architectures”, Rossouw Von Solms, Kerry-Lynn Thomson & Prosecutor Mvikeli Maninjwa, Information Security South African (ISSA) 2011, Johannesburg, August 2011.
xlv. “A Web-Based Information Security Governance Toolbox for Small-to-medium Enterprises in Southern Africa”, Jacques Coertze, Johan Van Niekerk & Rossouw Von Solms, Information Security South African (ISSA) 2011, Johannesburg, August 2011.
xlvi. “Guidelines for the Creation of Brain Compatible Cyber Security Educational Material in Moodle 2.0”, Rayne Reid, Johan Van Niekerk & Rossouw Von Solms, Information Security South African (ISSA) 2011, Johannesburg, August 2011.
xlvii. “The importance of raising e-safety awareness amongst children”, Mariska de Lange & Rossouw von Solms, ZA-WWW 2011, Johannesburg, September 2011.
xlviii. “Towards a social engineering resistant user model”, Kenny Jansson & Rossouw von Solms, ZA-WWW 2011, Johannesburg, September 2011.
d) The following keynote and invited papers have been presented at international and national conferences:
i. “Towards the Human Firewall: Standards, pitfalls and suggestions”, R von
Solms, CSRC/IFIP Workshop, London, UK, 15 November 2002. (Invited Paper)
ii. “Integrating Information Security into the IT Curriculum”, R von Solms & B von Solms, MicroSoft Academic Days, Dubai, April 2004. (Invited Paper)
iii. “Security in the SDLC: A primer for discourse”, R von Solms & M Pather,
Microsoft Academic Days, Doha, Qatar, December 2005. (Invited Paper)
iv. “Information Security Governance: What it is and what role network management play?”; R von Solms, INC2006, Plymouth, UK, July 2006. (Keynote presentation)
v. “Creating an IT Watchdog for the Board by assembling an IT Oversight
Committee”; Rossouw von Solms, IT Governance and Strategy Summit, Johannesburg, August 2006. (Invited presentation)
vi. “Towards a culture of secure WWW and Internet usage”; R von Solms, ZA-
WWW, Port Elizabeth, August 2009. (Keynote presentation)
vii. “Hoe die benutting van tegnologie die skoolhoof se taak kan vergemaklik”; R von Solms, SAOU Kongres, Port Elizabeth, Augustus 2009. (Invited paper)
viii. “IT Governance: The what, the who and the how”; R von Solms, IT Governance Summit, Computer Society of South Africa (CSSA), Midrand, April 2010. (Invited paper)
ix. “Cyber Bullying: Reality of Myth?” R von Solms, Centre for Justice and Crime Prevention Roundtable on Cyber Bullying and Sexting, Cape Town, 19 August 2011.
e) Books published:
i. “Information Security Governance”, SH von Solms & R von Solms, Springer-Verlag, January 2009.
f) The following papers have been published in popular journals:
i. “Risk Management Utilizing an Effective Set of Security Controls”, Q de Ridder & R von Solms, Information Technology on the Move 1995. (Promoter of student)
ii. “Business in Cyberspace”, K Steenkamp & R von Solms, Information Technology on the Move 1995. (Promoter of student)
iii. “Windows NT as a Local Area Network Operating System in an Educational Environment”, O Brits & R von Solms, Information Technology on the Move 1995. (Promoter of student)
iv. “Effective Selection of Information Security Baseline Controls”, L Lamprecht & R von Solms, Information Technology on the Move 1996. (Promoter of student)
v. “Information Security Health Checks”, B Ngqaleni & R von Solms, Information
Technology on the Move 1997. (Promoter of student)
vi. “Effective Information Security Policies”, J Halliday & R von Solms, Information Technology on the Move 1997. (Promoter of student
vii. “Effective Usage of UNIX Log Files for Information Security Management”, W
Krige & R von Solms, Information Technology on the Move 1997. (Promoter of student)
viii. “Securing an Academic Computer Network”, D Nutt & R von Solms, Information
Technology on the Move 1997. (Promoter of student)
ix. “The Implementation of Entry Level Information Security”, M van Aardt & R von Solms, Information Technology on the Move 1998. (Promoter of student)
x. “The Development of an Information Security Policy Satisfying the BS7799
Standard”, E Munyiri & R von Solms, Information Technology on the Move 1998. (Promoter of student)
xi. “Information Security Management through the effective Usage of Data Logged
at Firewalls”, C le Roux & R von Solms, Information Technology on the Move 1998. (Promoter of student)
xii. “The Development of a technique to effectively determine the Information
Security Requirements of an organization”, M Gerber & R von Solms, Information Technology on the Move 1999. (Promoter of student)
xiii. “A Management Tool for the Effective Implementation of Information Security in
an Organization using the BS7799 Standard”, C Vermeulen & R von Solms, Information Technology on the Move 1999. (Promoter of student)
xiv. “An Information Security Healthcheck: Determining the Information Security
Status of an Organisation”, F Kotze & R von Solms, Information Technology on the Move 2000. (Promoter of student)
xv. “Convincing Top Management that Information Security is their Responsibility”,
P Qoboshiyana & R von Solms, Information Technology on the Move 2000. (Promoter of student)
xvi. “Monitoring User Activities in Computer Laboratories”, M Adams & R von
Solms, Information Technology on the Move 2000. (Promoter of student)
xvii. “A Practical Approach to Information Security Awareness in the Organization”,
C Vroom & R von Solms, Information Technology on the Move 2001 and PRO Technida Bulletin for Technikon Education, Vol 19 No 1, October 2002. (Promoter of student)
xviii. “Corporate Governance: Information Security the Weakest Link?”, K-L
Thomson & R von Solms, Information Technology on the Move 2002 and PRO Technida Bulletin for Technikon Education Vol 20 No 1, July 2003. (Promoter of student)
xix. “Information Security Awareness: Baseline Education and Certification”, L du
Plessis & R von Solms, Information Technology on the Move 2002. (Promoter of student)
xx. “Intrusion Detection: A pro-active approach to trend analysis”, E Loubser, M
Botha & R von Solms, Information Technology on the Move 2002. (Promoter of student)
xxi. “The Electronic Communications and Transactions Act and its Effect on the
Organisation”, L Mears & R von Solms, Information Technology on the Move 2003. (Promoter of student)
xxii. “Training Misuse Detection Systems in a Honeypot Environment”, R Noble & R
von Solms, Information Technology on the Move 2003. (Promoter of student)
xxiii. “IVIDS – The Integration of Information Visualization and Intrusion Detection Systems”, R Booysen, Werner Olivier & R von Solms, Information Technology on the Move 2003.
xxiv. “A Critical Evaluation of Risk Analysis With Emphasis on the Information
Environment”, S Posthumus, Mariana Gerber & R von Solms, Information Technology on the Move 2003.
xxv. “BCP Cyclic: Reports and Documents that constitute the business continuity
plan”, Neil Lategan and Rossouw von Solms.
xxvi. “Information Security Education Program Curriculum”, Cleona Dane Grope, Rossouw von Solms and Helen van de Haar.
xxvii. “An Importance of Assessment and Feedback in a Web-Based Learning
Environment”, Taryn White, Helen van de Haar and Rossouw von Solms.
xxviii. “NeGPAIM: A Hybrid Model for Intrusion Detection”, Robert Goss, Demetrios Loutsios, Martin Botha and Rossouw von Solms.
xxix. Business Information – Your Company‟s Time-bomb? – INFOCOM, March
2005
xxx. Information Security Terminology – But it‟s all so familiar! – INFOCOM, April
2005
xxxi. IT Governance – Wake-up Mr CEO! – INFOCOM, May 2005
xxxii. Information Security Governance – Something new, but very important – INFOCOM, June 2005
xxxiii. Information Security Roles and Responsibilities – INFOCOM, July 2005
xxxiv. Information Security Best Practices – Do not reinvent the wheel! – INFOCOM,
August – 2005
xxxv. The Corporate Information Security Policy – INFOCOM, September 2005*
xxxvi. Information Security Awareness in the Organization – INFOCOM, October 2005
xxxvii. Information Security Legal and Regulatory Aspects – INFOCOM, November
2005
xxxviii. Information Security Monitoring and Compliance – INFOCOM, December 2005
xxxix. ICT Shortages – Myth or Reality; Editorial in Business Link Magazine, November/December 2007
xl. IT Governance – Due Care or Negligence; Editorial in Business Link Magazine, January/February 2008
xli. The Information Age and the „Technology Cowboys‟; Editorial in Business Link Magazine, March/April 2008
g) The following proceedings have been edited or co-edited by myself: i. "Notes on Information Security Management - 1992"; edited by R von Solms
& S H von Solms; (Proceedings of the Workshop on Information Security Management held by IFIP WG 11.1 during the IFIP/Sec 92 conference in Singapore, May 1992).
ii. "Notes on Information Security Management - 1993"; edited by R von Solms & S H von Solms; (Proceedings of the Workshop on Information Security Management held by IFIP WG 11.1 during the IFIP/Sec 93 conference in Toronto, Canada, May 1993).
iii. "Notes on Information Security Management - 1995"; edited by R von Solms;
(Proceedings of the Workshop on Information Security Management held by IFIP WG 11.1 during the IFIP/Sec 95 conference in Cape Town, South Africa, May 1995).
iv. "Notes on Information Security Management - 1996"; edited by R von Solms;
(Proceedings of the Workshop on Information Security Management held by IFIP WG 11.1 during the IFIP/Sec 96 conference on Samos Island, Greece, May 1996).
v. "INFORMATION SECURITY -from Small Systems to Management of Secure
Infrastructures"; edited by JHP Eloff & R von Solms; (Proceedings of the Workshop on Information Security Management held by IFIP WGs 11.1 and 11.2 during the IFIP/Sec 97 conference in Copenhagen, Denmark, May 1997).
vi. "INFORMATION SECURITY -from Small Systems to Management of Secure
Infrastructures"; edited by JHP Eloff & R von Solms; (Proceedings of the Workshop on Information Security Management held by IFIP WGs 11.1 and 11.2 during the IFIP/Sec 98 conference in Vienna, Austria, September 1998).
vii. “Information Security Management & Small Systems Security”; edited by JHP
Eloff, L Labuschagne, R von Solms & J Verschuren; (Proceedings of the International Conference organized by IFIP WGs 11.1 and 11.2 in Amsterdam, The Netherlands, September 1999)
viii. “Advances in Information Security Management & Small Systems Security”;
edited by JHP Eloff, L Labuschagne, R von Solms & G Dhillon; (Proceedings of the International Conference organized by IFIP WGs 11.1 and 11.2 in Las Vegas, USA, September 2001 – Conference cancelled)
ix. “New Approaches for Security, Privacy and Trust in Complex Environments”, edited by H Venter, M Eloff, L Labuschagne, J Eloff & R von Solms. (Proceedings of the 22nd IFIP/Sec Conference organized by IFIP TC 11 in Sandton, South Africa, May 2007)
x. “Proceedings of the South African Information Security Multi-Conference”, edited by Nathan Clarke, Steven Furnell & Rossouw von Solms, SAISMC 2010, Port Elizabeth, South Africa, May 2010.
h) The following technical reports have been edited or co-edited by myself:
i. “Information Technology on the Move – 1995”; edited by R von Solms. (Proceedings of all papers presented at annual student paper seminar in 1995)
ii. “Information Technology on the Move – 1996”; edited by R von Solms. (Proceedings of all papers presented at annual student paper seminar in 1996)
iii. “Information Technology on the Move – 1997”; edited by R von Solms. (Proceedings of all papers presented at annual student paper seminar in 1997)
iv. “Information Technology on the Move – 1998”; edited by R von Solms. (Proceedings of all papers presented at annual student paper seminar in 1998)
v. “Information Technology on the Move – 1999”; edited by R von Solms. (Proceedings of all papers presented at annual student paper seminar in 1999)
vi. “Information Technology on the Move – 2000”; edited by R von Solms. (Proceedings of all papers presented at annual student paper seminar in 2000)
vii. “Information Technology on the Move – 2001”; edited by R von Solms.
(Proceedings of all papers presented at annual student paper seminar in 2001)
viii. “Information Technology on the Move – 2002”; edited by R von Solms. (Proceedings of all papers presented at annual student paper seminar in 2002)
ix. “Advances in ICT Research – 2005”; edited by R Botha & R von Solms
(Compendium of all published and presented papers by members of the School of ICT)
x. “Advances in ICT Research – 2006”; edited by R Botha & R von Solms (Compendium of all published and presented papers by members of the School of ICT)
i) Editorial Boards of international journals:
a) Computers & Security: TC 11 Editor (2008 – current) b) Journal for Information System Security (JISSec): Associate editor (2005 –
current) c) Information Management & Computer Security: Member of Editorial
Advisory Board (2005 – current) d) Journal of Global Information Management (JGIM): Member of Editorial
Review Board (1997 – current) j) I was General Conference Chair of:
a) IFIP/Sec 2007 conference in Sandton, South Africa b) South African Information Security Multi-Conference 2010 in Port
Elizabeth, South Africa k) I was part of the refereeing panel for the IFIP/Sec '95, IFIP/Sec ‟97, IFIP/Sec ‟98, IFIP/Sec 2001 to 2012, international conferences.
3. Accolades i. Rated since 1994 as a researcher by the National Research Foundation
(NRF). Currently rated in the B3 category (A researcher that enjoys considerable international recognition for the high quality and impact of his/her recent research outputs) for the period 2009 – 2013.
ii. Ernest Oppenheimer Memorial Trust research award for senior Technikon
staff for 1995. iii. Invited by FRD to serve on evaluation panel for Mathematical Science from
1995 to 1997. iv. Received a Literati Award for Excellence in 1999, from MCB University Press,
for a series of articles published in the international journal; Information Management & Computer Security.
v. P.E. Technikon Researcher of the Year for 1999, 2003 & 2004.
vi. NMMU Faculty Researcher of the Year for 2005 & 2010. vii. Received an IFIP Silver Core Award in 2001 for outstanding services to the
International Federation for Information Processing (IFIP). viii. Computer Society of South Africa (CSSA) Eastern Cape Chapter, ICT Person
of the Year for 2003.
4. Post-graduate Research Students a) The following student completed his Doctorate Degree in Information Technology under my supervision:
i. Dr M Botha with a thesis named: “The Utilization of Trend Analysis in the Effective Monitoring of Information Security”. 2004
ii. Dr S Flowerday: “Restoring Trust by Verifying Information Integrity through
Continuous Auditing”. 2007 iii. Dr K-L Thomson: “MISSTEV: A Model for the Integration of Information
Security and Corporate Culture”. 2008
iv. Dr M Gerber: “The Management of Information related Risks through identification of Information Security Requirements”. 2010
v. Dr S Posthumus: “A Model for aligning information technology strategic and tactical management”. 2010
vi. Dr J van Niekerk: “Fostering Information Security Culture through integrating Theory and Technology”. 2011.
vii. Dr R Rastogi: “Information Security Service Management – A service management approach to Information Security Management”. 2011.
viii. Dr L Futcher: “An Integrated Risk-based approach to support IT Undergraduate Students in Secure Software Development”. 2012.
b) The following students completed their Master’s Degrees in Information Technology / Business Information Systems under my supervision:
i. Mr N Deetlefs with a thesis named; "Effective Business Continuation in the 1990's with specific reference to Information Technology" in 1990.
ii. Ms H van de Haar with a thesis named; "Effective Information Security
through Risk Evaluation" in 1992. (Ms Van de Haar obtained this qualification Cum Laude.)
iii. Ms D Janse van Rensburg with a thesis named; "Conventional System
Development Methodologies vs CASE Based Methodologies" in 1993. iv. Ms D Button with a thesis named; "Continuity Planning in small to Medium
sized Organizations" in 1995.
v. Ms S Halliday with a thesis named; "Risk Analysis in Small to Medium sized Organizations" in 1995.
vi. Mr L Meyer with a thesis named; "Information Security Evaluation: The ISO
9000 Route" in 1995. vii. Mr M Holland; “The Effective and Secure Selling Information effectively on the
Internet” in 1998. viii. Mr M Thomson; “Effective Information Security Awareness to Industry” in
1999. ix. Ms L Barnard; “The Development of a Model for the Effective Evaluation of
Information Security in an Organization” in 1999. x. Mr W Krige; “The Usage of audit Logs for effective Information Security
Management.” 2000. xi. Mr M Botha; “The utilization of Trend Analysis in the Effective Monitoring of
Information Security.” 2002. xii. Mr C Vermeulen; “The Development of a Methodology to Implement an
Information Security Management System in an Organization.” 2002. xiii. Ms M Gerber: “The Development of a Technique to establish the Security
Requirements of an Organization.” 2002. xiv. Mr J Botha: “A Methodology to develop a Business Continuity plan for Small
to Medium Sized Organizations.” 2003 xv. Ms K-L Thomson: “Integrating Information Security into Corporate Culture”.
2004 xvi. Mr H Dixon: “Email security policy implementation in multinational
organizations with special reference to privacy laws”. 2004 xvii. Mr J van Niekerk: “Establishing an information security culture in
organizations: An Outcomes Based Education approach”. 2005 xviii. Mr S Viljoen: “Applying a framework for IT Governance in South African
Higher Education Institutions”. 2005 xix. Ms L Mears: Towards a Framework for Corporate Information Governance”.
2006 xx. Mr SM Posthumus: “Corporate Information Risk: An Information Security
Governance Framework”. 2006
xxi. Mr R Goss: “The Effective Combatting of Intrusion Attacks through Fuzzy Logic and Neural Networks”. 2007
xxii. Mr R Mulder: “The Proliferation of Wireless Communication and its effects on Corporate Governance”. 2007
xxiii. Mr N Lategan: “EPiRISMM: An Enterprise Information Risk Management Model”. 2007
xxiv. Ms C Olivier: “MoVIS: A Model for the Visualisation of Network Information Security”. 2007
xxv. Ms L Futcher: “A Model for Integrating Information Security into the Software
Development Life Cycle”. 2007 xxvi. Mr AW Blundell: “Continuous Auditing Technologies and Models“ 2007 xxvii. Mr H Mauwa: “Information Security Awareness: Generic Content, Tools and
Techniques” 2007 xxviii. Mr E Kaselowski: “Information Security Governance in Local Municipalities”
2008
xxix. Ms M Viljoen: “Information Security Governance: Effective Reporting” 2009
xxx. Mr H Koornhof: “Information Security Governance in Small Organizations” 2009
xxxi. Ms M de Lange: “Guidelines to establish an e-Safety Awareness in South Africa” Cum Laude 2012
xxxii. Mr K Jansson: Á Model for Cultivating Social Engineering Resistance within a Community” Cum Laude 2012
xxxiii. Mr E Stieger: “A Framework for the Development of a Personal Information Security Agent” 2012
c) Students who completed PhD degrees under my co-promotion:
i. Dr R Piderit with a thesis named: “A Model for Enhancing Trust in South African Automotive Supply Chains through Information Technology” in 2012.
d) Students who completed a Masters Diploma / Degree in Information Technology under my co-supervision:
i. Ms A Retief with a dissertation named; "The use of Expert Systems in Intelligent Computer-based Learning" in 1991.
ii. Mr C Papenfus with a dissertation named; “A Model for utilising self-protecting
shells in an Electronic Workflow Environment” in 2002.
iii. Mr M Tyukala with a dissertation named: “Governing Information Security Using Organisational Information Security Profile” in 2007.
iv. Mr P Maninjwa: “Managing an Information Security Policy Architecture: A Technical Documentation Perspective” 2012.
e) The following students are currently registered for a M Tech: Information Technology under my supervision:
i. Mr E Freuenstein: “The Development of a Framework to Mitigate Phising Threats”
ii. Mr J Coertze: “Information Security Governance in SMMEs”
f) The following students are currently registered for a PhD: Information Technology under my supervision:
i. Mr C Johl: ”A Value-framework for Information Technology Governance in South African Higher Education Institutions”
ii. Ms M Viljoen: “Compliance in Governing Cloud-based Email in South African
Higher Education Institutions”
iii. Mr Theo Tskota: “ICT Governance and Turnaround Strategies”.
g) The following students are currently registered for a MTech or PhD: Information Technology under my co-supervision:
i. Ms S Salie, MTech: IT. (Supervisor Dr Mariana Gerber)
ii. Mr J-P Snaddon, MTech: IT. (Supervisor Dr Mariana Gerber)
iii. Ms MM Mogale, MTech: IT. (Supervisor Dr Mariana Gerber)
iv. Ms N Isabirye, PhD: IT. (Promoter Prof S Flowerday (UFH))
h) I have been external examiner for various M.Sc, M.Comm and PhD candidates at universities in South Africa and abroad. Updated: May 2012